Daira Hopwood
f0f7068552
Add test vectors for map_to_simple_swu.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-27 14:24:13 +01:00
Daira Hopwood
6a4f42ce25
Resolve an ambiguity in the Internet Draft
(https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-10.html#name-finding-z-for-the-shallue-va ).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 13:14:15 +01:00
Daira Hopwood
71094393e8
Sage-on-Python 3 compatibility fixes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 12:32:27 +01:00
Daira Hopwood
571dab6596
Update the Pallas test vector so that it exercises both the gx1 square and non-square branches.
This matches the comment in the Rust code:
// This test vector is chosen so that the first map_to_curve_simple_swu takes the gx1 square
// "branch" and the second takes the gx1 non-square "branch" (opposite to the Vesta test vector).
The existing test vector for Vesta, by coincidence (1 in 4 chance), did not need to be changed.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-27 13:53:00 +00:00
Daira Hopwood
044baaab1f
hashtocurve.sage: the block size of BLAKE2b is 128 bytes, not 64 bytes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-22 22:34:29 +00:00
Daira Hopwood
de872b47f7
hashtocurve.sage: minor changes to get access to the Sage EllipticCurve point from hash_to_*_jacobian.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-06 22:04:22 +00:00
Daira Hopwood
c51449a535
Change to XMD:BLAKE2b, and use the same test vectors as the Rust implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:11:19 +00:00
Daira Hopwood
779c3b117e
Fix the case where the input to map_to_curve_simplified_swu is 0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:10:23 +00:00
Daira Hopwood
fb448f3538
Add isogeny for Vesta.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-13 01:11:34 +00:00
Daira Hopwood
540fe946c1
Fix unified addition.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 21:01:33 +00:00
Daira Hopwood
8e22490f43
hashtocurve.sage: make DEBUG = True work.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 02:23:55 +00:00
Daira Hopwood
3523aee87f
hashtocurve.sage: fix a bug due to inadvertently relying on values calculated by debug code.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 02:22:01 +00:00
Daira Hopwood
fd7283a979
Make map_to_curve_simple_swu take a single input again (since we no longer need batch inversion).
Also make it clearer that we don't depend on Sage's elliptic curve impl except for debugging.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 00:50:42 +00:00
Daira Hopwood
c0f2b2d8b6
Correct a comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 00:20:36 +00:00
Daira Hopwood
4a3a34feea
Improve comments and cost accounting.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-01 19:44:32 +00:00
Daira Hopwood
50d3e83467
Implement the optimization from [WB2019, section 4.2] that removes the remaining inversion.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-01 03:37:41 +00:00
Daira Hopwood
391e67f250
hashtocurve.sage: correct a comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-31 15:26:20 +00:00
Daira Hopwood
112983e667
hashtocurve: allow use of the sqrt optimization with the Z recommended by the Internet Draft.
This also makes the sqrt and hash-to-curve implementations depend on each other less strongly.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-31 13:45:35 +00:00
Daira Hopwood
ef3405dd20
Add an optimization from [WB2019, section 4.2] that saves a square root for each map_to_curve.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-31 03:35:50 +00:00
Daira Hopwood
71afc68f7d
hashtocurve.sage: add Jacobian coordinate implementation that avoids two of the three inversions.
Do not base production code on this yet!
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-30 16:09:25 +00:00
Daira Hopwood
7df33f4ce4
hashtocurve.sage: more realistic use of Montgomery's trick.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-29 17:58:50 +00:00
Daira Hopwood
96fd2c794e
[WIP] Add a prototype implementation of hash-to-curve. This intends to implement the Internet Draft but has not been checked.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-29 17:58:50 +00:00